INTERACTIVE GUIDE

Close the ICS Security Gap & Open the Doors to IoT Success

The internet of things (IoT) has unlocked data that helps manufacturers operate more efficiently to meet today’s market demands. It also could potentially open the door to cybercriminals. Industrial control systems (ICS) are becoming more vulnerable to malicious attacks, in some cases due to additional IoT connectivity.

To remain competitive, manufacturers know they can’t halt or scrap their IoT plans. That means they need to understand how to identify security risks and the best practices that protect them. This interactive guide offers a closer look at the current state of ICS security, tips to help identify and address risks, and keys to protecting systems from potential threats.


71% of large-size manufacturers responding to a 2017 survey on industrial cybersecurity said they experienced at least two security incidents over the previous 12 months.1

Threats are on the rise.

Malware is spreading from IT systems to operations. Expect more cybercriminals to remotely access industrial automation systems with malware due to accidental infections from more traditional office networks’ IT systems and limited adoption of security best practices in operations systems.2

Once criminals have access to the system, they can conduct malicious operations manually simply by understanding the different protocols that are commonly used within an operational environment.

Triton’s RAT Attack
Triton malware attacked Schneider Electric’s Triconex Safety Instrumented System (SIS) in 2017.3 Triton is a Remote Access Trojan that caused a shutdown at an operation in the Middle East.4 Schneider’s SIS devices monitor and shut down processes if they move beyond safe parameters. “The malware has the capability to scan and map the industrial control system to provide reconnaissance and issue commands to Tricon controllers. Once deployed, this type of malware, known as a Remotely Accessible Trojan (RAT), controls a system via a remote network connection as if by physical access,” according to Schneider.

Ransomware

The threat of ransomware attacks against industrial firms is increasing. In the first half of 2017, Trojan ransomware attacks on ICS tripled.5 Attackers launch ransomware software to exploit programmatic flaws on a computer or server. They often lock the files or programs and then demand payment—often in the form of digital currency.6

WannaCry Raises Red Flags
In 2017, a ransomware attack known as WannaCry infected more than 200,000 Windows-based systems worldwide. The U.S. linked the attack to North Korean actors. ICS security firm Claroty warns that industrial environments are vulnerable to similar attacks for various reasons, including a lack of segmentation between their IT and OT networks, and the presence of Windows machines inside ICS environments that are not fully patched and often outdated or unsupported.7 The attacks impacted several manufacturers, including disruptions at Honda and Renault-Nissan auto plants.8

PLC Worms

A potential new threat is the introduction of PLC worms, which could spread from one programmable logic controller (PLC) to another.9 Worms differ from viruses because they can self-replicate across a network without any human action (such as downloading a file or opening an email). Researchers have tested worms specifically designed to attack PLCs. Unlike previous attacks, such as Stuxnet, the worm is capable of spreading from one PLC to another without the use of a PC.10

“PLC-Blaster” Test Exposes Weaknesses
Researchers from OpenSource Security created an experimental worm called PLC-Blaster that targeted Siemens SIMATIC S7-1200v3 controllers.11 The worm uses the PLC’s communication features to spread from one device to another. The most likely cause of infection would involve distribution of the worm by an industrial component supplier, or infection of the device during transport.

Are your existing security measures enough?

Traditional security approaches are often inadequate to protect against the latest threats. Some common tactics include the use of air gaps and “security through obscurity.” Unfortunately, many organizations lack a clear understanding of how these systems work to make them effective. Here’s a closer look at each approach and the challenges they present:

Air Gaps

An air gap is essentially a fallacy. In an industrial environment, many organizations may believe their operations systems are protected because they’re not connected to a network. But they may be tied to enterprise networks, such as the ERP system, which often have some level of internet connectivity. On average, industrial networks have 11 direct connections to enterprise networks.12 In some extreme cases, the U.S. Department of Homeland Security has identified up to 250 connections. Even truly air-gapped systems are not safe. Stuxnet is one of the most prolific examples of an air-gapped system under attack. In the case of Stuxnet, infected USB sticks bridged the air gap and wreaked havoc on the operations network.

Security Through Obscurity

Similarly, security through obscurity is built around the idea that the complexity of an ICS protects the system from attacks. Many organizations believe they’re safe because their ICS isn’t connected to the internet or because there is relatively little public knowledge about the way an ICS operates. The increase in IoT-enabled attacks proves that cybercriminals are more sophisticated than many people believe.

Attack modes and consequences.

Once attackers gain access to a system, they can take advantage of a manufacturing operation in many ways, including:

Loss of view: Impeding or eliminating the operator’s view of key interfaces, such as an HMI.

Manipulation of view: Misdirecting operators by manipulating the information they see.

Denial of control: Denying operator access to critical systems.

Manipulation of control: Changing control signals sent between devices.

Loss of control: Preventing information and control signals from reaching their intended devices or systems correctly.

Each type of attack can result in significant consequences for manufacturers, including:

Financial Losses
The average annual financial loss for an organization experiencing an ICS cybersecurity breach is $347,603, which includes the actual consequences of the incident and corrective actions (such as software upgrades and additional training).13

Downtime
When attacks occur, downtime or complete shutdowns are inevitable. For example, Renault and its alliance partner Nissan had to idle some of their plants in Europe due to the WannaCry attack.14 Honda was also forced to halt production at a plant near Tokyo.15

Compromised Safety
Cyberattacks may target critical safety systems, as demonstrated in the Triton incident. By attacking the SIS, hackers could have used Triton to cause an explosion or a leak.16 Triton’s code could have disabled the SIS’ safety measures, including automated shutdown capabilities if any abnormalities were detected.

IP Losses
Hackers could launch an attack that gains access to an entire network map. Hidden in this network map is information about the manufacturing process, including how devices and systems are configured. The loss of intellectual property (IP) could put manufacturers at a competitive disadvantage.

7 best practices for securing your ICS.


Assemble a Cross-Functional Security Team

Prevention starts with the workforce. Build a cross-functional security team that oversees implementation and monitoring of the security system. The team should consist of key personnel from the IT staff as well as a controls engineer, a control system operator, security subject matter experts, a member of the enterprise risk management staff and representatives from the control system vendor or integrator.17 The National Institute of Standards and Technology (NIST) also recommends that:

The team has knowledge about network architecture, security infrastructure and security processes and practices.

The team reports directly to the information security manager who reports to a facility manager or enterprise IT security manager, such as a CIO or CSO, who assumes complete responsibility for ICS security.

Maintain Up-to-Date Software

Don’t take a passive approach to security. Organizations should take an active role in upgrading their software so they can ensure they have the most recent versions as quickly as possible. According to ICS CERT, additional proactive measures should include:

Shared Responsibility: IoT Cyber Safety & Security

The Internet of Things (IoT) has introduced unprecedented connectivity and major shifts in the way businesses innovate and operate. To realize the full promise of IoT, we must all acknowledge the peril connected technology presents and each take responsibility for securing the IoT landscape. We must band together.

Perform a Security Audit

Before making any changes, upgrades or additions to the ICS security framework, it’s important to understand current capabilities and vulnerabilities. Organizations can accomplish this by performing a security audit. The key steps in a security audit include:

Step 1: Inventory of Assets
Many manufacturers don’t have complete transparency into which assets they need to protect, such as PLCs, HMIs and SCADA systems. Categorize assets based on common properties and understand the data attributes of each asset. This exercise helps manufacturers identify what they need to protect.

Step 2: Inventory of the Network
Organizations also need to know how their assets are connected via networks to understand data paths. Mapping the enterprise’s network helps manufacturers identify how an attacker could gain access to data.

Step 3: Inventory of Data Flows
Many industrial automation protocols don’t include options for securing traffic. This is critical because many attacks only require access to the network and an understanding of the protocol. Manufacturers should conclude their security audit by understanding the port, protocol, endpoints and timing requirements (deterministic or not) of each data flow, so they know where their data needs to flow over the network assets identified in Step 2.

Build a Secure Architecture

Two of the key components to a secure architecture are segmentation and the use of secure protocols at different layers within the ICS.

In the simplest terms, segmentation involves separating the ICS network from the corporate network. This includes the use of two opposite-facing firewalls to create a “demilitarized zone” (DMZ) for any communications between them.18 The DMZ allows users to receive historian data, antivirus upgrades, patches and other updates without placing the network at risk.19 A best practice is to segment networks with similar functionality into zones, including an enterprise zone (enterprise network/site business planning network), a manufacturing zone (DMZ/manufacturing operations and control) and a security cell (supervisory control network/control system network/field device level network).20 All communications within each zone are trusted, while any that enter or leave the zone must be filtered or monitored.21 Preventing unwanted communications requires an automatic, heuristic software tool.22 These tools should flag unexpected traffic and disallow unauthorized traffic at security points.23
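The following is an added example, not code from the guide or from any vendor it names, of how the Step 2/Step 3 inventories and the zone model above turn into a check a security team can run: every flow record is mapped to a zone, intra-zone traffic is trusted, anything crossing directly from the enterprise side to the control side without passing through the DMZ is reported, and cross-zone traffic that is not on the allowlist of known data flows is flagged. The zone names, address ranges, allowlist and flow records are all constructed assumptions for the example.

```python
"""Zone-segmentation check over a constructed flow inventory.

Added example, not part of the original guide. Zone names, address
ranges and the allowlist are assumptions; the flow records are constructed.
"""
import ipaddress
from collections import Counter

# Assumed zone layout following the guide's enterprise / DMZ / manufacturing /
# cell split. Address ranges are constructed for the example.
ZONES = {
    "enterprise":    ipaddress.ip_network("10.0.0.0/16"),
    "dmz":           ipaddress.ip_network("10.1.0.0/24"),
    "manufacturing": ipaddress.ip_network("10.2.0.0/16"),
    "cell":          ipaddress.ip_network("10.3.0.0/16"),
}

# Zone pairs that may talk to each other directly. Anything from the
# enterprise side to the control side has to go through the DMZ.
ADJACENT = {
    frozenset({"enterprise", "dmz"}),
    frozenset({"dmz", "manufacturing"}),
    frozenset({"manufacturing", "cell"}),
}

# Expected cross-zone data flows from the Step 3 inventory:
# (src zone, dst zone, protocol, dst port). Constructed for the example.
EXPECTED = {
    ("enterprise", "dmz", "tcp", 443),      # clients pulling historian data
    ("dmz", "manufacturing", "tcp", 4840),  # OPC UA from DMZ to site historian
    ("manufacturing", "cell", "tcp", 502),  # Modbus/TCP supervisory polling
}

def zone_of(ip):
    """Return the zone name for an address, or 'unknown' if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def check_flow(flow):
    """Classify one flow record; returns (verdict, detail)."""
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    conn = f"{src} -> {dst} on {flow['proto']}/{flow['dport']}"
    if "unknown" in (src, dst):
        return "unknown-asset", f"{flow['src']} -> {flow['dst']} has an endpoint missing from the asset inventory"
    if src == dst:
        return "intra-zone", f"{src} internal traffic"
    if frozenset({src, dst}) not in ADJACENT:
        return "dmz-bypass", f"{conn} skips the DMZ"
    if (src, dst, flow["proto"], flow["dport"]) not in EXPECTED:
        return "unexpected", f"{conn} is not an inventoried data flow"
    return "expected", conn

def audit(flows):
    """Run check_flow over an inventory; returns (Counter of findings, findings)."""
    findings = []
    for flow in flows:
        verdict, detail = check_flow(flow)
        if verdict in ("dmz-bypass", "unexpected", "unknown-asset"):
            findings.append((verdict, detail))
    return Counter(v for v, _ in findings), findings

# Constructed sample inventory, as a flow collector might export it.
SAMPLE_FLOWS = [
    {"src": "10.0.5.20", "dst": "10.1.0.10", "proto": "tcp", "dport": 443},   # expected
    {"src": "10.1.0.10", "dst": "10.2.1.5",  "proto": "tcp", "dport": 4840},  # expected
    {"src": "10.2.1.5",  "dst": "10.3.0.7",  "proto": "tcp", "dport": 502},   # expected
    {"src": "10.3.0.7",  "dst": "10.3.0.8",  "proto": "tcp", "dport": 502},   # intra-zone
    {"src": "10.0.5.21", "dst": "10.3.0.7",  "proto": "tcp", "dport": 502},   # enterprise host polling a PLC directly
    {"src": "10.0.9.3",  "dst": "10.2.1.5",  "proto": "tcp", "dport": 3389},  # RDP straight into the manufacturing zone
    {"src": "10.2.1.5",  "dst": "10.1.0.10", "proto": "tcp", "dport": 445},   # SMB into the DMZ, not inventoried
    {"src": "192.168.77.4", "dst": "10.3.0.7", "proto": "udp", "dport": 161}, # source not in the asset inventory
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_FLOWS)
    for verdict, detail in findings:
        print(f"[{verdict}] {detail}")
    print(dict(counts))
```

The two "dmz-bypass" findings are the direct enterprise-to-control connections the guide says most plants have without knowing it; the "unknown-asset" finding shows why the Step 1 asset inventory has to come first, since a flow with an unmapped endpoint cannot be judged at all.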

Secure Protocols

Not all operations or IoT protocols are created equal. The nature of the factory is that it contains legacy equipment, as machines and assets are expected to perform for 10 or 20 years, and often even more. Legacy equipment communicates using legacy protocols. To promote interoperability, these protocols are often used even in modern plants. But many of these protocols, such as Modbus, are completely devoid of security.

While it may be impossible to rid an operations network of legacy protocols entirely, organizations can ensure their use is controlled. Manufacturers should convert legacy, unsecure protocols into modern, secure protocols such as OPC UA or MQTT using an OPC server or industrial communications platform. They should avoid sending data over a wide-area network using legacy protocols that lack security options. Similarly, legacy protocols should never be used to communicate in network layers above Level 3 of the ISA-95 stack; they should be used only for direct manufacturing control.
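To make concrete what “completely devoid of security” means for Modbus, and how the Level 3 rule above can be monitored, here is an added example (not code from the guide or any vendor it names) that decodes a Modbus/TCP request from its MBAP header and function code, and rates a captured request by whether it is a write and which ISA-95 level the source sits at. The frame bytes, the address-to-level mapping and the severity scheme are constructed assumptions for the example.

```python
"""Passive Modbus/TCP inspection: parse the MBAP header and function code,
and flag requests, especially writes, seen from above Level 3.

Added example, not from the original guide. Frame bytes are constructed;
the level assignment per source address is an assumption for the example.
"""
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16, 22, 23}

def parse_modbus_tcp(frame):
    """Decode one Modbus/TCP request.

    Note what is absent: the header carries no credential, session key or
    signature, so the protocol itself cannot tell an HMI from any other host."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    func = frame[MBAP_LEN]
    return {
        "transaction": tid, "unit": unit, "function": func,
        "name": FUNCTION_NAMES.get(func, f"function {func}"),
        "is_write": func in WRITE_CODES,
        "data": frame[MBAP_LEN + 1:],
    }

def level_of(src_ip):
    """Assumed ISA-95 level per source range (constructed): Level 2 =
    supervisory control, Level 3 = site operations, Level 4 = enterprise."""
    if src_ip.startswith("10.3."):
        return 2
    if src_ip.startswith("10.2."):
        return 3
    return 4

def inspect(src_ip, frame):
    """Return (severity, message) for a captured request."""
    req = parse_modbus_tcp(frame)
    lvl = level_of(src_ip)
    who = f"Level {lvl} host {src_ip}"
    if lvl > 3:
        # The guide's rule: legacy protocols stay at or below Level 3.
        sev = "high" if req["is_write"] else "medium"
        return sev, f"Modbus {req['name']} from {who} to unit {req['unit']}"
    if req["is_write"] and lvl == 3:
        return "low", f"Modbus {req['name']} from {who}; confirm it is an authorised SCADA/HMI server"
    return "info", f"Modbus {req['name']} from {who}"

# Constructed captures: the raw TCP payload of one request each.
# Read Holding Registers, unit 1, start address 0, count 10
READ_FRAME = bytes.fromhex("0001" "0000" "0006" "01" "03" "0000" "000a")
# Write Single Register, unit 1, address 0x0010, value 0x1234
WRITE_FRAME = bytes.fromhex("0002" "0000" "0006" "01" "06" "0010" "1234")

SAMPLE_CAPTURES = [
    ("10.3.0.9", READ_FRAME),    # supervisory poll, normal
    ("10.2.1.5", WRITE_FRAME),   # site SCADA server writing a setpoint
    ("10.0.5.21", READ_FRAME),   # enterprise host reading PLC registers
    ("10.0.5.21", WRITE_FRAME),  # enterprise host writing to a PLC
]

if __name__ == "__main__":
    for src, frame in SAMPLE_CAPTURES:
        severity, message = inspect(src, frame)
        print(f"[{severity}] {message}")
```

The parser is the point: with no authentication field anywhere in the frame, the only controls available are where the protocol is allowed to travel (the segmentation above) and who is watching it, which is why converting such traffic to OPC UA or MQTT at an OPC server, and keeping raw Modbus below Level 3, is the recommendation.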


IIoT Protocols to Watch

A big challenge in IoT is interoperability. There are many protocols to connect industrial devices to IT and IoT platforms. These protocols will co-exist—each with their own strengths and weaknesses—and it’s our job to understand where and when to use them. This white paper focuses on the open standards for connecting industry to IT and provides use cases for each.

Pay Attention to Passwords

Weak passwords are an invitation to cybercriminals. Tips to consider:24

Passwords should be at least 14 characters in length and include a mix of uppercase and lowercase letters, numbers and special characters.

Avoid well-known, easily guessed or common passwords.

Change passwords at least every 90 days.

Require separate passwords for corporate and control network zones and store them in separate trust stores.

Don’t share Active Directory, RSA ACE servers or other trust stores between the corporate and control network.

Use two-factor authentication whenever possible.
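As an added example (not code from the guide), the password tips above expressed as a check that can run when a credential is set and as a rotation audit over an account export. The 14-character and 90-day values are the guide’s; the common-password list, the sample accounts and the dates are constructed for the example, and a real deployment would check against a full breached-password list rather than the handful shown.

```python
"""Password policy check for the tips listed above.

Added example, not from the original guide. The common-password list and
the sample accounts are constructed; 14 characters and 90 days are the
guide's figures.
"""
from datetime import date

MIN_LENGTH = 14
MAX_AGE_DAYS = 90

# Constructed stand-in for a real common/breached password list.
COMMON_PASSWORDS = {"password", "123456", "admin", "welcome1", "qwerty", "letmein"}

def policy_violations(password, last_changed, today):
    """Return the list of policy violations for one credential (empty means
    compliant). Dates are ISO strings, YYYY-MM-DD."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Also compare a normalised form, so "Password1!" still matches "password":
    # appending a digit and a symbol does not make a common word uncommon.
    letters_only = "".join(c for c in password.lower() if c.isalpha())
    if password.lower() in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        problems.append("matches a common password")
    age = (date.fromisoformat(today) - date.fromisoformat(last_changed)).days
    if age > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days")
    return problems

def overdue_accounts(accounts, today):
    """From an account export (name, zone, last_changed), list the accounts
    whose password is past the rotation deadline, grouped by zone."""
    now = date.fromisoformat(today)
    overdue = {}
    for acct in accounts:
        age = (now - date.fromisoformat(acct["last_changed"])).days
        if age > MAX_AGE_DAYS:
            overdue.setdefault(acct["zone"], []).append(acct["name"])
    return overdue

# Constructed account export from the two separate trust stores the guide
# calls for (one corporate, one control); no passwords are stored, only the
# last-change date, which is all the rotation audit needs.
SAMPLE_ACCOUNTS = [
    {"name": "j.smith",     "zone": "corporate", "last_changed": "2018-02-20"},
    {"name": "hmi-operator", "zone": "control",   "last_changed": "2017-09-01"},
    {"name": "scada-svc",   "zone": "control",   "last_changed": "2018-01-15"},
    {"name": "eng-ws-admin", "zone": "control",   "last_changed": "2017-11-05"},
]

if __name__ == "__main__":
    today = "2018-03-01"
    for candidate in ["Tr0ub4dor&3Plant!", "Password1!", "allowercaseonly"]:
        print(candidate, "->", policy_violations(candidate, "2018-01-10", today) or "OK")
    print(overdue_accounts(SAMPLE_ACCOUNTS, today))
```

The normalisation step is the part worth keeping: a plain set lookup would accept “Password1!” because it satisfies every character-class rule, while the letters-only comparison catches it as the common word it is.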

Patch and Update Frequently

Patches and updates are critical for maintaining system integrity. In fact, 59% of companies responding to a Business Advantage report on ICS security say they issue patches and updates every two weeks or less.25 Organizations that regularly patch software reduce system vulnerabilities that could lead to costly security breaches. Back-end security updates are also critical. Some best practices for patches and back-end security include the use of:

Administrators should have a regular schedule for upgrades and patch management procedures.26 This is a critical practice because it can significantly minimize vulnerabilities in a system and prevent future attacks.


Work With a System Integrator or Security Services Firm

System integrators can help reduce the cost and time to establish and maintain a secure ICS network. An integrator can work with the IT department or security team to design and install the security system.27 Integrators also can help:

Provide a quick recovery after a cyber attack.

Provide training to staff regarding ICS security.

Advise organizations on ICS security practices.

Companies like Red Trident partner with their clients to provide this type of support and more.

Get connected safely from the start.

IoT is a competitive difference maker for manufacturers. But they must conduct due diligence to ensure they don’t introduce security risks to their ICS. A shared responsibility approach is a critical step toward ensuring manufacturers remain secure while achieving their business goals. This includes the selection of vendors that offer secure connectivity platforms with key security features, including modern encryption, updated versions and ongoing support.

KEPServerEX® is the industry’s leading connectivity platform that provides a single source of industrial automation data to all of your applications. The platform design allows users to connect, manage, monitor, and control diverse automation devices and software applications through one intuitive user interface.

KEPServerEX Business Value

KEPServerEX solves common connectivity challenges—providing secure and reliable access to real-time industrial data so everyone from the shop floor to the top floor can make smarter decisions.

KEPServerEX Secure Deployment Guide

Deploy KEPServerEX with maximum security. It is recommended that this guide be followed closely when deploying new production installs, and used to compare existing configurations and adjust them to best practices.
